Attempts to connect to Axway SFTP server result in publickey auth loopin
Darren Tucker
dtucker at dtucker.net
Fri Feb 23 23:31:47 AEDT 2018
On 23 February 2018 at 23:07, Philipp Marek <philipp at marek.priv.at> wrote:
>
>> + struct identity *sent_signed_id;
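Review bot: the added `sent_signed_id` member has no comment saying what it tracks or for how long the pointer is valid. It refers to an entry in the list of identities, so a one-line comment (the key used to sign the most recent request) and an explicit reset to NULL once the reply has been handled would keep it from being read after the identities are cleaned up.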
>
> What happens if the server is configured to allow two different SSH keys?
> Wouldn't that then cycle between these two?

I don't think so. I think once both have succeeded neither will be
sent and it'll drop through to "we did not send a packet, disable
method" and either move to the next method or fail if there are no
more.

sent_signed_id is used to track the key that was just used to sign the
challenge from the server. The state of the keys is stored in a list
of Identity structures.

When the reply comes back after setting sent_signed_id there are 3 cases:

- failure: no change in behaviour. (maybe it should null out
  sent_signed_id, although it should be set again before ever being
  read).
- partial success: we mark id->tried with IDENTITY_SUCCESSFUL. The
  non-zero value stops it from being sent again.
- complete success: ssh_userauth2 immediately cleans up the identities.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
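
The two-key case asked about above, as an added C model that is not OpenSSH code and not part of the original message. Assumptions: the numeric value of IDENTITY_SUCCESSFUL, a server that answers every signed request with partial success, the reset of unmarked keys on partial success, and the helper names server_reply, next_identity, run_pubkey_method and demo_two_keys are all hypothetical.

```c
#include <stddef.h>

#define IDENTITY_SUCCESSFUL 0x1000 /* name from the thread; value is constructed */

struct identity { const char *name; int tried; };
enum reply { REPLY_FAILURE, REPLY_PARTIAL, REPLY_SUCCESS };

/* Hypothetical server: accepts every key but always answers "partial success". */
static enum reply server_reply(const struct identity *id) { (void)id; return REPLY_PARTIAL; }

/* Next key whose tried field is still zero; NULL means no packet can be sent. */
static struct identity *next_identity(struct identity *ids, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (ids[i].tried == 0) return &ids[i];
    return NULL;
}

/*
 * Returns the number of signed requests sent before the method is disabled,
 * or -1 if max_rounds is reached (the client is looping).
 * mark_successful=0 models a client that forgets which key just succeeded.
 */
int run_pubkey_method(struct identity *ids, size_t n, int mark_successful, int max_rounds) {
    struct identity *sent_signed_id = NULL;
    int sent = 0;
    for (int round = 0; round < max_rounds; round++) {
        struct identity *id = next_identity(ids, n);
        if (id == NULL) return sent;     /* did not send a packet: disable method */
        id->tried = 1;
        sent_signed_id = id;             /* key that signed this request */
        sent++;
        switch (server_reply(id)) {
        case REPLY_FAILURE: break;       /* no change in behaviour */
        case REPLY_PARTIAL:
            for (size_t i = 0; i < n; i++)   /* assumed: unmarked keys become eligible again */
                if (!(ids[i].tried & IDENTITY_SUCCESSFUL)) ids[i].tried = 0;
            if (mark_successful) sent_signed_id->tried = IDENTITY_SUCCESSFUL;
            break;
        case REPLY_SUCCESS: return sent; /* identities would be cleaned up here */
        }
        sent_signed_id = NULL;           /* reply handled; do not keep a stale pointer */
    }
    return -1;
}

int demo_two_keys(int mark_successful) {
    struct identity ids[] = { { "key-a", 0 }, { "key-b", 0 } }; /* constructed keys */
    return run_pubkey_method(ids, 2, mark_successful, 100);
}
```

With marking enabled each key is sent once and the method is then disabled; without it the model keeps resending the first key until the round cap.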
More information about the openssh-unix-dev mailing list